The normal day-to-day as an MSP is often challenging enough. When emergencies arise and your customers look to you to help them maintain business continuity, the best strategy is to rely on well-defined and pre-established plans and procedures. But every customer’s needs are unique, and you may not have gotten around to writing up a plan for each of them.

The first step to effectively managing the changes and rapid response demanded during a crisis is to gather the data that you need to ensure that you are maintaining the confidentiality, integrity, and availability of your customers' systems while also doing what needs to be done to adapt in times of crisis.

In order to help you rapidly collect the information you need, Liongard has put together a playbook to help gather the data that you need and track the changes that your team makes in order to navigate your customers through troubled times.

Step 1: Start with a Quick Client Assessment

Is my client “remote ready”?

Tech-heavy companies, or those with partially distributed workforces, will already have some basic framework for remote work. For example, a conferencing strategy for remote meetings, VPN connectivity, etc.

Other companies will not have any technology or processes in place for that kind of distributed work.

Key Question: Are we augmenting existing technology and processes for this client? Or is this all new?

Where are my client's key applications?

If key applications and services are inside the firewall, VPN connectivity and sufficient bandwidth at the main office or data center location to operate 100% remotely will be key.

If legacy applications are involved, they won’t necessarily work well via VPN. In this case, Remote Desktop or VDI will be crucial.

If everything is web-based or in the cloud, VPN may be much less important. But cloud solutions have their own set of questions: what additional licenses may be required to effectively serve the entire client base? Which employees relied on communal resources while in the office now need individual solutions?

Identify which server(s) key applications are running on. Use Liongard's Windows Server Inspector to identify installed software, remote user access groups, and more.

What is the baseline requirement for connectivity?

Attempt to establish a simple set of requirements/tests for remote workers to test their internet connectivity. If there is a minimum standard below which things will not work well, communicate those requirements ASAP, so employees can work with their ISPs for necessary upgrades.

How will we be impacting this client’s security posture with these changes?

Consider the following questions:

• Will some employees be forced to work from personal machines?
  • If so, what additional antivirus and management packages need to be provided to maintain an acceptable level of security?
• Will new “stealth IT” cloud-based tools come into play to enable collaboration?
  • If so, which use cases are most business-critical and, for those business critical functions, what options might you be able to roll out quickly to manage things as well as possible?
• Will lack of fast, reliable access to centralized storage drive key data off out of “official” locations to workstations, personal computers, etc.

What are the exceptions?

Consider the following questions:

• What processes happen infrequently (i.e., monthly) that might be overlooked?
• What teams have different requirements than the majority of users?
  • Dev/Engineering teams with lab networks
  • Finance/Exec teams with private storage locations

Step 2: Review Liongard Views and Details

When a business unexpectedly requires their staff to work remotely, we recommend assessing the following Liongard views and details.

👍

Details of the information available in all of our Inspectors can be found in our System Inspector Summary

Firewall & Remote Access

Review Firewall Rules

• Audit for RDP port forwards or other rules that enable remote access without sufficient security
• Audit for firewall rules allowing outside access directly to applications (i.e., web applications) and understand how those applications are used

Review for VPN Configuration and Access

• Determine if connectivity is mediated by local user accounts or an external directory (i.e. Active Directory)
  • If an external directory, what security group or mechanism allows remote access?
• Determine whether the device has sufficient licensing for the number of concurrent VPN users likely to be using it
• Determine whether the device has sufficient throughput and hardware performance (i.e., encryption throughout) to support the number of required users?
• Ensure that MFA is enabled for user accounts, if available

Liongard is already capturing changes to your firewall's configuration, so you have a safety net for any changes that you make. You may also want to take a full, restorable backup of the device before making major changes.

Collaboration and Productivity Tools

Productivity Suite

👍

Details of the information available in our Microsoft 365 inspector can be found in the Microsoft 365 section of our System Inspector Summary.

• Do you have sufficient quantities and types of licenses for the work your customers need to do remotely?
  • Installation of local applications of Microsoft 365 where necessary
  • Access to SharePoint
  • Azure AD licenses for additional security and access control policies

How do customers stay in communication?

• What are the approved video and chat conferencing tools?
• Who are admins and what rights do users have?
• What are the approved file-sharing tools?
  • Test our Box.com Inspector

Endpoint & User Security

Provisioning

You may need to rapidly purchase and provision new laptops and other mobile devices. Consider the following questions:

• What management tools, MDM software, do you have in place? Do you have InTune from Microsoft?
• Are devices encrypted?
• AV Inspector: Does the client have AV installed?
  • Review devices listed in our AV solutions' Inspectors:
    • Apps and Services System Inspector Summary
  • Are device firewalls configured?

Active Directory Inspector

👍

Details of the information available in our Active Directory inspector can be found in the Active Directory section of our System Inspector Summary.

• Perform a User Access Review using the Users and Groups data views
  • Are any users' roles changing such that they need additional or reduced permissions?
• Determine which groups enable remote access
• Ensure that terminated staff are properly de-provisioned

Malware

Microsoft 365: Watch for elevated occurrences of phishing email in general and pay particular attention to crisis-related phishing attempts.
Antivirus: Use Liongard's Metrics and data views to audit the complete deployment of security software to endpoints, and configure Actionable Alerts to keep track of infection issues and machines that are not checking in.

Compliance Frameworks

What compliance framework(s) is this customer subject to? And what specific rules around change controls and remote access and data storage are most critical for this customer?

👍

Liongard's Inspectors are regularly inspecting systems and maintaining an historic record of system configurations and changes. Refer to Liongard's Inspector timelines to keep track of changes made that may need to be accounted for or reverted in the future.